Cyber Conflict as an Emergent Social Phenomenon

This chapter examines the emergence of social networks of non-state warriors launching cyber attacks for social and political reasons. It examines the origin and nature of these networks; their objectives, targets, tactics, and use of online forums; and their relationship, if any, to their governments. General concepts are illustrated with case studies drawn from operations by Strano Net, the Electronic Disturbance Theater, the Electrohippies, and other networks of cyber activists; electronic jihad as practiced by those affiliated with al-Qa’ida and the global jihadist movement associated with it; and operations by patriotic hackers from China, Russia, and elsewhere.

The 2009 Rotman-telus Joint Study on IT Security Best Practices

This chapter describes the 2009 study findings in a series of annual studies that the Rotman School of Management at the University of Toronto in Ontario and TELUS, one of Canada’s major Telecommunications companies, are committed to undertake to develop a better understanding of the state of IT Security in Canada and its relevance to other jurisdictions, including the United States. This 2009 study was based on a pre-test involving nine focus groups conducted across Canada with over 50 participants. As a result of sound marketing of the 2009 survey and the critical need for these study results, the authors focus on how 500 Canadian organizations with over 100 employees are faring in effectively coping with network breaches. In 2009, as in their 2008 study version, the research team found that organizations maintain that they have an ongoing commitment to IT Security Best Practices. However, with the 2009 financial crisis in North America and elsewhere, the threat appears to be amplified, both from outside the organization and from within. Study implications regarding the USA PATRIOT Act are discussed at the end of this chapter.

Micro-Frauds

During the past two decades, network technologies have shaped just about every aspect of our lives, not least the ways by which we are now victimized. From the criminal’s point of view, networked technologies are a gift. The technologies act as a force multiplier of grand proportions, providing individual criminals with personal access to an entirely new field of ‘distanciated’ victims across a global span. So effective is this multiplier effect, there is no longer the compulsion to commit highly visible and risky multi-million-dollar robberies when new technologies enable offenders to commit multi-million-dollar thefts from the comfort of their own home, with a relatively high yield and little risk to themselves. From a Criminological perspective, network technologies have effectively democratized fraud. Once a ‘crime of the powerful (Sutherland, 1949; Pearce, 1976; Weisburd, et al., 1991; Tombs and Whyte, 2003) that was committed by offenders who abused their privileged position in society, fraud can now be committed by all with access to the internet. This illustration highlights the way that computers can now be used to commit crimes, and this chapter will specifically focus upon the different ways that offenders can use networked computers to assist them in performing deceptions upon individual or corporate victims in to obtain an informational or pecuniary advantage.

Between Hackers and White-Collar Offenders

Scholars often view hacking as one category of computer crime, and computer crime as white-collar crime. However, no study to date has examined the extent to which hackers exhibit the same characteristics as white-collar offenders. This chapter looks at empirical data drawn from 54 face-to-face interviews with Israeli hackers, in light of the literature in the field of white-collar offenders, concentrating on their accounts and socio-demographic characteristics. Hackers and white-collar offenders differ significantly in age and in their accounts. White-collar offenders usually act for economic gain; hackers act for fun, curiosity, and opportunities to demonstrate their computer virtuosity. Hackers, in contrast to white-collar offenders, do not deny their responsibility, nor do they tell a “sad tale.”

Female and Male Hacker Conferences Attendees

To date, studies on those in the Computer Underground have tended to focus not on aspects of hackers’ life experiences but on the skills needed to hack, the differences and similarities between insider and outsider crackers, and the differences in motivation for hacking. Little is known about the personality traits of the White Hat hackers, as compared to the Black Hat hackers. This chapter focuses on hacker conference attendees’ self-reported Autism-spectrum Quotient (AQ) predispositions. It also focuses on their self-reports about whether they believe their somewhat odd thinking and behaving patterns—at least as others in the mainstream society view them—help them to be successful in their chosen field of endeavor.

Examining the Language of Carders

The threat posed by a new form of cybercrime called carding--or the illegal acquisition, sale, and exchange of sensitive information--has increased in recent years. Few researchers, however, have considered the social dynamics driving this behavior. This chapter explores the argot, or language, used by carders through a qualitative analysis of 300 threads from six web forums run by and for data thieves. The terms used to convey knowledge about the information and services sold are explored in this chapter. In addition, the hierarchy and status of actors within carding communities are examined to understand how language shapes the social dynamics of the market. The findings provide insight into this emerging form of cybercrime, and the values driving carders’ behavior. Policy implications for law enforcement intervention are also discussed.

Deciphering the Hacker Underground

The increasing dependence of modern societies, industries, and individuals on information technology and computer networks renders them ever more vulnerable to attacks on critical IT infrastructures. While the societal threat posed by malicious hackers and other types of cyber criminals has been growing significantly in the last decade, mainstream criminology has only recently begun to realize the significance of this threat. Cyber criminology is slowly emerging as a subfield of criminological study and has yet to overcome many of the problems other areas of criminological research have already mastered. Aside from substantial methodological and theoretical problems, cyber criminology currently also suffers from the scarcity of available data. As a result, scientific answers to crucial questions remain. Questions like: Who exactly are these network attackers? Why do they engage in malicious hacking activities? This chapter begins to fill this gap in the literature by examining survey data about malicious hackers, their involvement in hacking, their motivations to hack, and their hacking careers. The data for this study was collected during a large hacking convention in Washington, D.C, in February 2008. The study findings suggest that a significant motivational shift takes place over the trajectory of hackers’ careers, and that the creation of more effective countermeasures requires adjustments to our current understanding of who hackers are and why they hack.

Policing of Movie and Music Piracy

Ongoing skirmishes between mainstream Hollywood entertainment conglomerates and Peer-to-Peer (P2P) file-sharing networks recently reached a crescendo when a Swedish court convicted members of the world’s largest BitTorrent, The Pirate Bay, and handed out the stiffest sentence to date.1 Four operators of The Pirate Bay received one year imprisonments and fines totaling $30 million, including confiscation of equipment. While this verdict sent shockwaves amongst P2P networks, piracy remains rampant, and this incident further exacerbated relations between file sharers and Hollywood. In retaliation, supporters of P2P file-sharing attacked websites of the law firms representing the Hollywood studios (Johnson, 2009). This victory by Hollywood studios may be a Pyrrhic defeat in the long run if the studios do not soften their antagonistic relations with the public. This chapter explores structural and cultural conflicts amongst security actors that make fighting piracy extremely difficult. In addition, it considers the role of law enforcement, government, industries, and the general public in creating long-term security models.

Computer Hacking and the Techniques of Neutralization

Nowadays, experts have suggested that the economic losses resulting from mal-intended computer hacking, or cracking, have been conservatively estimated to be in the hundreds of millions of dollars per annum. The authors who have contributed to this book share a mutual vision that future research, as well as the topics covered in this book, will help to stimulate more scholarly attention to the issue of corporate hacking and the harms that are caused as a result. This chapter explores malicious hacking from a criminological perspective, while focusing on the justifications, or neutralizations, that cyber criminals may use when engaging in computer cracking--which is in the United States and many other jurisdictions worldwide, illegal.

The General Theory of Crime and Computer Hacking

Though in recent years, a number of studies have been completed on hackers’ personality and communication traits by experts in the fields of psychology and criminology, a number of questions regarding this population remain. Does Gottfredson and Hirschi’s concept of low self-control predict the unauthorized access of computer systems? Do computer hackers have low levels of self-control, as has been found for other criminals in mainstream society? If low self-control can predict the commission of computer hacking, this finding would seem to support the generality argument of self-control theory and imply that computer hacking and other forms of cybercrime are substantively similar to terrestrial crime. This chapter focuses on the results of a study where we examined whether Gottfredson and Hirschi’s general theory of crime is applicable to computer hacking in a college sample.